When accessing a NNTP URL, Lynx connects to a NNTP server and retrieves information about the available articles in the target newsgroup. Ulf Harnhammar discovered a buffer overflow in a function that handles the escaping of special characters.

Impact
======

An attacker could set up a malicious NNTP server and entice a user to access it using Lynx (either by creating NNTP links on a web page or by forcing a redirect for Lynx users). The data returned by the NNTP server would trigger the buffer overflow and execute arbitrary code with the rights of the user running Lynx.

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200510-15.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.